[Winpcap-users] WinPcap 4.1.3 not working anymore on Windows 10 build 10041

Pascal Quantin pascal.quantin at gmail.com
Sun Mar 29 10:24:45 UTC 2015


2015-03-25 16:45 GMT+01:00 Pascal Quantin <pascal.quantin at gmail.com>:

> Hi all,
>
> as reported on this blog post:
> http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html,
> network interfaces are no longer showing up on the latest Windows 10 build (I
> see the same thing on my virtual machine).
> I could not find any clear information yet, but I fear it could imply that
> Microsoft is gonna drop the NDIS 5 backward compatibility mode sooner or
> later (which should be expected at some point as NDIS 6 was introduced in
> Vista). Given the number of products / projects that rely on WinPcap
> (Wireshark being one of them), having it not working anymore in the latest
> Microsoft OS would be a drama.
> I know that the project has been more or less stalling for a few years. An
> "emergency" fix was done for Windows 8 support, but I have no idea whether
> having it working on Windows 10 requires a small fix or a full rewrite.
> Could one of the developers kindly have a look and provide some info
> regarding the Windows 10 compatibility / WinPcap future?
>

Hi all,

as indicated by Jakub Zawadzki, there was an Nmap GSoC 2013 project porting
WinPcap to NDIS 6, with the source code found here:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF
<https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/installer/winpcap-nmap-4.1.3-NDIS6-1.2.0.exe>
After a quick test, I can confirm that:
- interfaces are now seen and can be selected for capture
- Ethernet frames containing TCP packets are seen with a size of 2048 bytes
(while I have an MTU set to 1500) and the extra data is seen as an Ethernet
trailer of 570 bytes + an FCS of 4 bytes
- DNS queries are truncated (only the first 8 bytes of UDP datagram are
captured)
So this is not yet usable but seems to be a good starting point.
http://seclists.org/nmap-dev/2013/q4/108 suggests that the code was shared
with the WinPcap development team (or at least this was the intention). Did
this ever happen?

Best regards,
Pascal.
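
A capture sanity check for the two symptoms reported above (frames larger than the MTU allows with data after the IP datagram, and UDP datagrams cut short), as an added example that is not part of the original message or of the WinPcap/NPcap code. The frames are constructed test input; the 1460-byte IP length, addresses, ports and the function names are assumptions.

```python
import struct

ETH_HDR = 14          # Ethernet II header, no VLAN tag
MIN_FRAME = 64        # minimum Ethernet frame incl. FCS; padding up to here is normal

def build_frame(proto, l4, ip_total_len, extra=b""):
    """Constructed sample: Ethernet II + IPv4 header + L4 bytes + extra bytes."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + l4 + extra

def check_frame(frame, mtu=1500):
    """Return anomalies for one frame captured with an unlimited snaplen."""
    issues = []
    if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
        return issues                      # not plain IPv4: out of scope here
    if len(frame) > ETH_HDR + mtu + 4:     # allow for a delivered FCS
        issues.append(("oversized", len(frame)))
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, ETH_HDR + 2)[0]
    have = len(frame) - ETH_HDR            # bytes captured after the Ethernet header
    if have > total_len and len(frame) > MIN_FRAME:
        issues.append(("trailer", have - total_len))
    if frame[ETH_HDR + 9] == 17 and have >= ihl + 8:   # UDP with a full header
        udp_len = struct.unpack_from("!H", frame, ETH_HDR + ihl + 4)[0]
        got = min(have, total_len) - ihl   # UDP bytes actually present
        if got < udp_len:
            issues.append(("udp_truncated", got, udp_len))
    return issues

# Constructed frames mirroring the two symptoms in the report.
TCP_2048 = build_frame(6, bytes(1440), 1460, extra=bytes(574))
UDP_HDR = struct.pack("!HHHH", 53000, 53, 41, 0)       # length field says 41 bytes
DNS_CUT = build_frame(17, UDP_HDR, 61)                 # only the 8-byte header captured
DNS_OK = build_frame(17, UDP_HDR + bytes(33), 61)

if __name__ == "__main__":
    for name, f in (("tcp", TCP_2048), ("dns cut", DNS_CUT), ("dns ok", DNS_OK)):
        print(name, len(f), check_frame(f))
```

Run against frames read from a capture file, a non-empty result on ordinary traffic points at the capture driver rather than the network; a deliberately small snaplen would also trigger the truncation check.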